MAJOR BASED ELECTIVE I (B)
To understand the basics of E-Commerce and its Security
E-commerce – Electronic Commerce – E-Commerce types – E-Commerce and the world at large – E-Commerce
Case studies: Intel, Amazon.
Electronic Mail – The X.400 Message handling system – Internet Addresses –
Multipurpose Internet Mail Extension – X.500 Directory Services – E-mail user agent.
EDI- Costs and benefits – Components of EDI Systems – EDI implementation issues –
EDIFACT – EDIFACT Message Structure.
Cyber Security – Cyber Attacks – Hacking – SSL – Authentication and assurance of data
integrity – Cryptographic based solutions – Digital Signatures – VPN.
Electronic Payment Systems – payment gateway – internet banking – the SET Protocol
– E-cash – E-Cheque – Elements of electronic payments
1. E-Commerce: The Cutting Edge of Business, Kamalesh K. Bajaj, Debjani Nag, McGraw
1. E-Commerce: Issues, Perspectives and Challenges in the Indian Context, Gupta and
Gupta, Knowledge World Publishers, 2010.
UNIT I
E-commerce – Electronic Commerce – E-Commerce types – E-Commerce and the world at large –
E-Commerce Case studies: Intel, Amazon.
Introduction to Commerce
• Commerce is basically an economic activity involving trading or the buying and selling of goods.
For example, a customer enters a book shop, examines the books, selects a book and pays for it. To fulfil the
customer's requirement, the book shop needs to carry out other commercial transactions and business
functions such as managing the supply chain, providing logistic support, handling payments etc.
As we enter the electronic age, an obvious question is whether these commercial transactions and
business functions can be carried out electronically.
In general, this means that no paperwork is involved, nor is any physical contact necessary. This is often
referred to as electronic commerce (e-commerce).
The earliest example of e-commerce is electronic funds transfer. This allows financial institutions to
transfer funds between one another in a secure and efficient manner.
Later, electronic data interchange (EDI) was introduced to facilitate inter-business transactions.
• “E-Commerce or Electronic Commerce, a subset of E-Business, is the purchasing, selling and
exchanging of goods and services over computer networks (such as Internet) through which
transactions are performed”.
• “E-Commerce can be defined as a modern business methodology that addresses the needs of
organizations, merchants and consumers to cut costs while improving the quality of goods and services
and increasing the speed of service delivery by using Internet”.
• E-Commerce takes place between companies, between companies and their customers, or between
companies and public administration.
FEW EXAMPLES OF E-Commerce are:
• Amazon.com, an online bookstore started in 1995, grew its revenue to more than $600 million in
• Microsoft Expedia, an integrated online travel transaction site helps to choose a flight, buy an
airline ticket, book a hotel, rent a car etc. in only a few minutes.
E-Commerce vs Traditional Commerce
• E-Commerce is about the sale and purchase of goods or services by electronic means, particularly
over the internet. In a pure e-commerce system, transactions take place via electronic means. In this
case, you will access a cyber bookstore and download a digital book from a server computer.
• In a physical or traditional commerce system, transactions take place via contact between humans,
usually in a physical outlet such as a bookstore.
For example, if you want to buy a book, you will go to a physical bookstore and buy the physical book from a
• E-Commerce is more suitable for standard goods and intangible goods, whereas traditional commerce
is more suitable for non-standard goods, perishable goods and expensive goods.
• Complex products such as cars are better served by integrating e-commerce and physical
• “E-Business is the conduct of business on the Internet, not only buying and selling but also
servicing customers and collaborating with business partners”.
• E-Business means connecting critical business systems directly to customers, vendors and
suppliers- via the Internet, Extranet and Intranets.
• Therefore it means using electronic information to boost performance and create value by forming
new relationships between and among businesses and customers.
• One of the first to use the term was IBM, in October 1997, when it launched a campaign built
E-Business enables organizations to accomplish the following goals:-
• Reach new markets.
• Create new products or services.
• Build customer loyalty
• Make the best use of existing and emerging technologies.
• Achieve market leadership and competitive advantage.
• Enrich human capital.
Advantages of E-Commerce to Customers
• Reduced Prices:- Costs of products are reduced since the stages along the value chain are
decreased. For instance, intermediaries can be eliminated by the company directly selling to the
customers instead of distributing through a retail store.
• 24-Hour Access:- Online businesses never sleep, as opposed to brick and mortar businesses. E-Commerce
allows people to carry out business without the barriers of time.
• Global Marketplace:- Consumers can shop anywhere in the world. Currently, according to the World
Trade Organization (WTO), there are no custom duties put on products bought and traded globally
electronically. This also provides a wide selection of products and services to consumers.
• More Choices:- Provides consumers with more choices. For example, before making any purchase, a
customer can study all the major brands and features of any item. It also provides consumers
with less expensive products and services by allowing them to shop in many places.
Advantages of E-Commerce to Businesses
• Increased potential market share:- The internet enables businesses to have access to international
markets thereby increasing their market share. Companies can also achieve greater economies of scale.
• Low cost Advertising:- Advertising on the internet costs less than advertising in print or on television,
depending on the extent of the advertisement. Advertising on the internet itself is less costly since there is
less cost associated with it in terms of printing and limited television spots.
• Low barriers to Entry:- Anyone can start up a company on the internet. Start-up costs are a lot
lower for companies since there is less need for capital.
• Strategic Benefits:- The strategic benefits of making a business e-commerce enabled are that it helps
reduce the delivery time, labour cost and the cost incurred in document preparation, data entry, error
Disadvantages of E-Commerce
• Hidden Costs:- Although buying online is convenient, the cost of this convenience is not always
clear at the front end. For example, on-line purchases are often accompanied by high shipping and
re-stocking fees, a lack of warranty coverage and unacceptable delivery times. In fact, too many
e-commerce companies have developed a reputation for overcharging for shipping and handling.
• Lack of Security:- One of the main roadblocks to the wide acceptance of e-commerce by
businesses and consumers alike is the perceived lack of adequate security for on-line transactions.
For example, consumers are growing increasingly worried about providing credit card information over the
During the past few years, the press has been filled with reports about hackers breaking into e-businesses
and stealing credit card information.
• Lack of Privacy:- Customers also worry about the privacy implications of data gathered by
organizations of all types and sizes. Even at the simplest data level, sales information is stored in
databases connected to web servers, thus exposing the information to cyber criminals. Because data
gathering on the web is so easy, databases routinely contain information about customer purchasing
habits, credit information and so on. In many cases, companies sell customer database information to
marketing companies. In turn, the marketing companies engage in massive e-mail campaigns to attract
new customers. It doesn’t take long for the customer’s email box to be filled with unwanted email (also
known as Spam).
• Network Unreliability:- Although the Internet is designed to overcome the single point of failure
problem, there have been several well-publicized incidents of network failures during the past few
years. Network reliability problems may be generated by such factors as:-
Equipment failure in the network connection provider.
Accidental problems caused by nature-such as lightning, floods, earthquakes that affect
Long response time due to increased network traffic or inadequate bandwidth.
• Low Service Levels:- Another common complaint about doing business online is the low level of
customer service that online companies tend to provide. Although technology has automated business
transactions to a large extent, there remains a real need for the human touch. Therefore e-commerce
websites must provide:-
A pleasant and problem free pre-ordering and ordering experience. The website design is an
Readily available easily used feedback options.
Quick complaint resolution.
Timely and low-cost shipping delivery to customers.
Scope of E-Commerce
• E-Commerce is a general concept covering any form of business transaction or information
exchange executed using information and communication technologies (ICTs).
• It includes electronic trading of goods, services and electronic material.
It takes place between companies, between companies and their customers or between companies
and public administrations.
• Electronic Markets:-
An electronic market is the use of information and communication technology to present a range of
offerings available in a market segment so that the purchaser can compare the prices of the offerings
and make a purchase decision
e.g. Airline Booking System
• Electronic Data Interchange:-
It provides a standardized system for coding trade transactions so that they can be communicated
from one computer to another without the need for printed orders and invoices & delays & errors in
It is used by organizations that make a large number of regular transactions.
e.g. EDI is used in the large supermarket chains for transactions with their suppliers.
• Internet Commerce:-
Information and communications technologies can be used to advertise & make sales of a wide range
of goods & services.
This application is both for business to business & business to consumer transactions.
e.g. The purchase of goods that are then delivered by post or the booking of tickets that can be picked
up by the clients
Types of E-Commerce/ E-Commerce Market Models
• There are five types of E-Commerce:-
Business To Business (B2B)
Business To Consumer (B2C)
Consumer To Business (C2B)
Consumer To Consumer (C2C)
Business To Government (B2G)
Business To Business (B2B):- Business to Business or B2B refers to e-commerce activities between
businesses. An E-Commerce company can be dealing with suppliers, distributors or agents. These
transactions are usually carried out through Electronic Data Interchange (EDI). EDI is an automated
format of exchanging information between businesses over private networks.
For example, manufacturers and wholesalers are B2B companies.
By processing payments electronically, companies are able to lower the number of clerical errors and
increase the speed of processing invoices, which result in lowered transaction fees.
In general, B2Bs require higher security needs than B2Cs.
With the help of B2B E-commerce, companies are able to improve the efficiency of several common
business functions, including supplier management, inventory management and payment
Business To Customer (B2C):- Business to Customer or B2C refers to E-Commerce activities that are
focused on consumers rather than on businesses.
For instance, a book retailer would be a B2C company such as Amazon.com. Other examples could also
be purchasing services from an insurance company, conducting on-line banking and employing travel
Customer To Business (C2B):-
Customer to Business or C2B refers to E-Commerce activities which use reverse pricing models where
the customer determines the prices of the product or services.
In this case, the focus shifts from selling to buying. There is an increased emphasis on customer
In this type of E-Commerce, consumers get a choice of a wide variety of commodities and services,
along with the opportunity to specify the range of prices they can afford or are willing to pay for a
particular item, service or commodity.
Customer To Customer (C2C):-
Customer to Customer or C2C refers to E-commerce activities, which use an auction style model. This
model consists of a person-to-person transaction that completely excludes businesses from the
Customers are also a part of the business and C2C enables customers to directly deal with each other.
An example of this is peer auction giant eBay.
Business To Government (B2G):- It is a new trend in E-Commerce. This type of E-Commerce is used by
government departments to reach citizens directly by setting up websites.
These websites have government policies, rules and regulations related to the respective departments.
Any citizen may interact with these websites to know the various details. This helps the people to know
the facts without going to the respective departments.
This also saves time of the employees as well as the citizens.
History of E-Commerce
• The history of Ecommerce seems rather short but its journey started over 40 years ago in hushed
• In the 1960s, very early on in the history of Ecommerce, its purpose was to exchange long distance
electronic data. In these early days of Ecommerce, users consisted of only very large companies, such
as banks and military departments, who used it for command control communication purposes. This
was called EDI (electronic data interchange).
• Originally, electronic commerce was identified as the facilitation of commercial transactions
electronically, using technology such as Electronic Data Interchange (EDI) and Electronic Funds Transfer
(EFT). These were both introduced in the late 1970s, allowing businesses to send commercial
documents like purchase orders or invoices electronically.
• The growth and acceptance of credit cards, automated teller machines (ATMs) and telephone
banking in the 1980s were also forms of electronic commerce.
• In 1982 the Transmission Control Protocol and Internet Protocol, known as TCP/IP, were developed.
This was the first system to send information in small packets along different routes using packet
switching technology, like today's Internet, as opposed to sending the information streaming down
• Beginning in the 1990s, electronic commerce would include enterprise resource planning systems
(ERP), data mining and data warehousing.
• In 1995, with the introduction of online payment methods, two companies that we all know of
today took their first steps into the world of Ecommerce. Today Amazon and eBay are both amongst
the most successful companies on the Internet.
Functions of E-Commerce
• Marketing:- One of the areas it impacts particularly is direct marketing. In the past this was mainly
door-to-door, home parties (like the Tupperware parties) and mail orders using catalogues or leaflets.
This moved to telemarketing and TV selling with the advance in television technology and finally
developed into e-marketing.
• Human Resource Management:- Issues of on-line recruiting, home working and ‘entrepreneurs’
working on a project by project basis replacing permanent employees.
• Business law and ethics:- The different legal and ethical issues that have arisen as a result of a
global ‘virtual’ market. Issues such as copyright laws, privacy of customer information etc.
• Management Information System:- Analysis, design and implementation of e-business systems
within an organization ; issues of integration of front-end and back-end systems.
• Product Operations and Management:- The impact of on-line processing has led to reduced cycle
time. It takes seconds to deliver digitized products and services electronically; similarly the time for
processing orders can be reduced by more than 90 percent from days to minutes.
• Finance and Accounting:- On-line banking ; issues of transaction costs ; accounting and auditing
implications where ‘intangible’ assets and human capital must be tangibly valued in an increasing
knowledge based economy.
• Economy:- The impact of E-commerce on local and global economies; understanding the concepts
of a digital and knowledge based economy and how this fits into economic theory.
• Mobile Commerce
• Online Shopping
E-Marketing, also known as Internet Marketing, Online Marketing or Web Marketing, is the marketing
of products or services over the internet.
It is considered broad in scope because it refers not only to marketing on the internet but also to
marketing done by email and over wireless media.
E-Marketing ties together the creative and technical aspects of the internet, including design,
development, advertising and sales.
Internet marketing is associated with several business models, i.e. B2C, B2B, C2C.
Internet marketing is inexpensive when examining the ratio of cost to the reach of the target.
It is also known as online advertising, a form of promotion that uses the internet and World Wide
Web to deliver marketing messages to attract customers.
Example: Banner ads, Social network advertising, online classified advertising etc.
The growth of these particular media attracts the attention of advertisers as a more productive
source to bring in consumers.
This means that any user with a personal computer and browser can connect to his bank's website to
perform any of the banking functions. In an internet banking system the bank has a centralized database
The best example of E-Banking is the ATM.
An ATM is an electronic fund transfer terminal capable of handling cash deposits, transfers, balance
enquiries, cash withdrawals and bill payments.
• SERVICES THROUGH E-BANKING:
Bill Payment Service
Investing through Internet Banking
E-Learning comprises all forms of electronically supported learning and teaching.
E-Learning applications and processes include web-based learning, computer-based learning.
Content is delivered via the internet, intranet/extranet, audio or video tape, or satellite TV.
E-Learning is naturally suited to distance and flexible learning, but can also be used in conjunction with
E-Learning can also refer to educational websites such as those offering learning scenarios, worksheets
and interactive exercises for children.
A learning management system (LMS) is software used for delivering, tracking, and managing training
• Mobile Commerce:-
Mobile Commerce, also known as M-Commerce, is the ability to conduct commerce using a mobile
device, such as a mobile phone.
Banks and other financial institutions use mobile commerce to allow their customers to access
account information and make transactions, such as purchases, withdrawals etc.
Using a mobile browser, customers can shop online without having to be at their personal computer.
• SERVICES ARE:
1. Mobile ticketing
2. Mobile content purchase and delivery, mainly consisting of the sale of ring tones, wallpapers and
games for mobile phones.
3. Location-based services
• Local discount offers
• Local weather
4. Information services
• Sports, Scores
• Online Shopping:-
Online shopping is the process whereby consumers directly buy goods or services from a seller in real
time, without intermediary services, over the internet.
An online shop, e-shop, e-store, internet shop, web shop, web store, online store, or virtual shop
evokes the physical analogy of buying products or services in a shopping center.
In order to shop online, one must have access to a computer, a bank account and debit
Online shoppers commonly use a credit card to make payments; however, some systems enable users
to create accounts and pay by alternative means, such as
• Debit cards.
• Gift cards
Online stores are usually available 24 hours a day
The conventional media that have been used for entertainment are
4. Video games.
Online books/newspapers, online radio, online television, online films and online games are
commonplace on the internet, where we can be entertained.
Online social networking websites are one of the biggest sources of E-entertainment for today’s
Electronic Mail – The X.400 Message handling system –Internet Addresses – Multipurpose Internet
Mail Extension – X.500 Directory Services – E-mail user agent.
X.400 is a suite of ITU-T Recommendations that define standards for Data Communication Networks for
Message Handling Systems (MHS) — more commonly known as email.
At one time, the designers of X.400 were expecting it to be the predominant form of email, but this
role has been taken by the SMTP-based Internet e-mail. Despite this, it has been widely used within
organizations and was a core part of Microsoft Exchange Server until 2006; variants continue to be
important in military and aviation contexts.
X.400 Message-Handling System
The ITU (formerly CCITT) defined the X.400 MHS standard, an electronic system for exchanging
messages among store-and-forward mail systems. In ISO terminology, X.400 is called MOTIS (Message-
Oriented Text Interchange System). The goal of the standard is to provide compatibility among multi-
vendor products and interfaces as well as public and private message services.
X.400 was first introduced in 1984 and has been through several enhancements. It outlines the
protocols, procedures, components, terminology, and testing methods required to build interoperable
e-mail systems. X.400 is based on a distributed client/server model. Internet mail has now become the
de-facto mail standard.
What is X.400?
A set of standards defined in 1984 and 1988 by the International Telecommunication Union (ITU) for
computer-based handling of e-mail. The X.400 standard is based on the Open Systems Interconnection
(OSI) reference model and other protocols developed by the International Organization for
Standardization (ISO). X.400 provides global standards that enable users to send e-mail between any
X.400-compliant messaging systems. X.400 is widely considered to be the standard framework for
global messaging, although the Simple Mail Transfer Protocol (SMTP) for Internet e-mail might have an
even better claim to the title. X.400 is widely implemented in Europe by most post, telephone, and
telegraph (PTT) authorities. Microsoft Exchange Server supports messaging connectivity with X.400
mail systems through the X.400 Connector, an optional component available with the Enterprise
Edition of Exchange Server 5.5.
How X.400 Works
X.400 defines a global Message Handling System (MHS) that consists of a number of messaging
components. From an administrative point of view, the building blocks of the MHS are management
domains (MDs). (MDs are not the same as DNS domains - the Domain Name System [DNS] is used for
SMTP mail, not X.400 messaging services.) A management domain is a collection of messaging systems
with at least one Message Transfer Agent (MTA) managed by a specific organization. X.400
management domains come in two varieties:
Administrative Management Domains (ADMDs):
Messaging systems managed by an administrator or a registered private agency. These are the top-
level management domains that handle third-party messaging traffic. An example is a telephone carrier
service company such as AT&T.
Private Management Domains (PRMDs):
Unique subscriptions to an ADMD, such as telephone numbers of users. PRMDs can send or receive
messages from an ADMD, but PRMDs cannot communicate directly with each other.
An X.400 MHS consists of the following five kinds of messaging components:
Message Transfer Systems (MTSs):
Collections of one or more MTAs that function together to provide message forwarding services for a
particular X.400 domain.
Message Transfer Agents (MTAs):
Route and deliver messages to and from User Agents (UAs) and exchange them with other MTAs. An MTA
corresponds to a mail server in a typical LAN-based messaging system. MTAs maintain a database of all
UAs registered in their domain and routing tables that indicate how messages should be forwarded to
Message Stores (MSs):
Temporarily store messages that an MTA has received until they can be processed and forwarded for
delivery. X.400 thus uses a store-and-forward method of message delivery.
User Agents (UAs):
Provide messaging functionality directly to users. From a practical point of view, a UA can be identified
as the e-mail client software that a user is running; from an abstract point of view, a UA is a domain
belonging to a user and consisting of additional subcomponents. The goal of an X.400 MHS is to
facilitate exchange of messages between different UAs.
Access Units (AUs):
Gateways between an X.400 MHS and another messaging system such as a telex or fax system.
Figure X-2. The X.400 Message Handling System.
Each UA in an X.400 MTS is identified by a special X.400 address called an Originator/Recipient (O/R)
address. The O/R address is the e-mail address of the X.400 user and can be quite complex compared
to an SMTP e-mail address. (This is one reason that SMTP is overtaking X.400 in popularity.) An O/R
address consists of a series of VALUE=ATTRIBUTE pairs separated by semicolons. Not all fields need to
be complete - only those that uniquely identify the recipient are required. Here is an example of an
The individual address fields are as follows:
Country (C) is United States
ADMD (A) is MCI
PRMD (P) is Microsoft (company name)
Organization (O) is Sales Department of Microsoft
Surname (S) is Smith
Given name (G) is Jeff
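As an added example (not part of the original notes), the following Python code parses O/R addresses written as attribute=value pairs separated by semicolons, using the six abbreviations listed above, and checks whether a partial address still singles out one recipient. The address strings, the "Contoso" entry and the recipient directory are constructed for illustration.

```python
# Added example, not from the original notes: parsing and matching X.400
# Originator/Recipient (O/R) addresses built from the attribute abbreviations
# listed above (C, A, P, O, S, G). The address strings, the ";" separator and
# the recipient directory below are constructed for illustration.

OR_ATTRIBUTES = {
    "C": "country",
    "A": "admd",           # Administrative Management Domain
    "P": "prmd",           # Private Management Domain
    "O": "organization",
    "S": "surname",
    "G": "givenName",
}


def parse_or_address(text):
    """Parse 'C=US;A=MCI;...' into a dict keyed by long attribute names.

    Malformed pairs, unknown or duplicated attributes and empty values raise
    ValueError, so a sloppy address is rejected instead of being mis-routed.
    """
    fields = {}
    for raw in text.split(";"):
        pair = raw.strip()
        if not pair:
            continue  # tolerate a trailing ';'
        if "=" not in pair:
            raise ValueError(f"not an attribute=value pair: {pair!r}")
        key, value = (part.strip() for part in pair.split("=", 1))
        key = key.upper()
        if key not in OR_ATTRIBUTES:
            raise ValueError(f"unknown O/R attribute: {key!r}")
        name = OR_ATTRIBUTES[key]
        if name in fields:
            raise ValueError(f"duplicate attribute: {key!r}")
        if not value:
            raise ValueError(f"empty value for attribute {key!r}")
        fields[name] = value
    return fields


def is_valid_or_address(text):
    """True when the address parses and names at least one attribute."""
    try:
        return bool(parse_or_address(text))
    except ValueError:
        return False


# Constructed stand-in for the database an MTA keeps of the UAs registered in
# its domain. The first entry uses the values from the field list above.
DIRECTORY = [
    {"country": "US", "admd": "MCI", "prmd": "Microsoft",
     "organization": "Sales", "surname": "Smith", "givenName": "Jeff"},
    {"country": "US", "admd": "MCI", "prmd": "Microsoft",
     "organization": "Support", "surname": "Smith", "givenName": "Anna"},
    {"country": "US", "admd": "MCI", "prmd": "Contoso",
     "organization": "Sales", "surname": "Jones", "givenName": "Jeff"},
]


def matching_recipients(address, directory=DIRECTORY):
    """Directory entries consistent with every attribute the address gives.

    Comparison is case-insensitive; attributes the address omits are not
    constrained, which is what lets a partial address still resolve.
    """
    fields = parse_or_address(address)
    return [
        entry for entry in directory
        if all(entry.get(name, "").lower() == value.lower()
               for name, value in fields.items())
    ]


def is_unambiguous(address, directory=DIRECTORY):
    """True only when the address selects exactly one recipient."""
    return len(matching_recipients(address, directory)) == 1


if __name__ == "__main__":
    full = "C=US;A=MCI;P=Microsoft;O=Sales;S=Smith;G=Jeff"
    print(parse_or_address(full))
    print(is_unambiguous(full))              # True
    print(is_unambiguous("S=Smith;A=MCI"))   # False: two Smiths under MCI
    print(is_unambiguous("S=Smith;G=Jeff"))  # True: the shortest unique form
```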
An X.400 message consists of a P1 envelope and its P2/22 message contents. The envelope contains
the e-mail address information needed for routing the message to its destination. The X.400 protocol
for a message envelope includes support for message tracking and delivery priority features. The X.400
protocol for the message content includes a header and body part for the message.
What typically happens in the message transfer process is that a UA sends a message addressed to
another UA in the MHS. The message is forwarded to an MTA in the local MTS, which either delivers
the message locally or forwards it to a remote MTA for handling, depending on where the destination
UA is located. The message is passed from MTA to MTA until it reaches the MTS of the destination UA,
whereupon it is either delivered if the destination UA is connected or stored in an MS until the UA can
Multipurpose Internet mail extension (MIME)
Multipurpose Internet Mail Extension (MIME) is a standard which was proposed by Bell
Communications in 1991 in order to expand limited capabilities of email.
MIME is a kind of add on or a supplementary protocol which allows non-ASCII data to be sent through
SMTP. It allows the users to exchange different kinds of data files on the Internet: audio, video, images,
application programs as well.
Why do we need MIME?
Limitations of Simple Mail Transfer Protocol (SMTP):
• SMTP has a very simple structure.
• Its simplicity, however, comes at a price, as it only sends messages in NVT 7-bit ASCII format.
• It cannot be used for languages whose text does not fit 7-bit ASCII, such as French, German,
Russian, Chinese and Japanese, so such text cannot be transmitted using SMTP. So, in order to make
SMTP broader, we use MIME.
• It cannot be used to send binary files or video or audio data.
• Purpose and Functionality of MIME –
There is a growing demand for email messages that carry multimedia, as people also want to express
themselves in those terms. So MIME, an extension to email, was introduced, as it is not restricted to textual data.
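As an added example (not part of the original notes), the Python code below shows the 7-bit limitation and the MIME remedy concretely: non-ASCII text and a binary blob fail a 7-bit check, while the MIME-wrapped message built with Python's standard email package is entirely 7-bit and decodes back to the original data. Addresses, text and attachment are constructed sample data.

```python
# Added example, not from the original notes: why SMTP's 7-bit NVT ASCII
# transport cannot carry the data below as-is, and how MIME wraps it so that
# every octet on the wire is 7-bit clean. The addresses, text and attachment
# are constructed sample data; only Python's standard email package is used.
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Constructed sample content: non-ASCII text and a binary blob covering all
# 256 octet values, neither of which SMTP can transmit unencoded.
SAMPLE_TEXT = "Grüße aus Berlin, 你好"
SAMPLE_ATTACHMENT = bytes(range(256))


def is_seven_bit(data: bytes) -> bool:
    """SMTP's native transport requires every octet to have its high bit clear."""
    return all(octet < 0x80 for octet in data)


def build_mime_message(text: str, attachment: bytes, filename: str) -> bytes:
    """Build a multipart MIME message whose serialized form is 7-bit safe."""
    msg = EmailMessage(policy=policy.SMTP)  # CRLF line endings, as on the wire
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "MIME demo"
    # cte="base64" is explicit on purpose: with the default policy a non-ASCII
    # body is tagged "8bit", which a strictly 7-bit MTA could not relay.
    msg.set_content(text, charset="utf-8", cte="base64")
    # Binary attachments are base64-encoded by default.
    msg.add_attachment(attachment, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def decode_mime_message(raw: bytes):
    """Parse the wire form back into (text, [(filename, bytes), ...])."""
    msg = BytesParser(policy=policy.SMTP).parsebytes(raw)
    body = msg.get_body(preferencelist=("plain",))
    # set_content terminates the body with a line ending; drop it so the
    # round trip compares equal to the original text.
    text = body.get_content().rstrip("\r\n")
    attachments = [(part.get_filename(), part.get_content())
                   for part in msg.iter_attachments()]
    return text, attachments


if __name__ == "__main__":
    print(is_seven_bit(SAMPLE_TEXT.encode("utf-8")))   # False
    print(is_seven_bit(SAMPLE_ATTACHMENT))             # False
    raw = build_mime_message(SAMPLE_TEXT, SAMPLE_ATTACHMENT, "firmware.bin")
    print(is_seven_bit(raw))                           # True
    print(raw.decode("ascii"))
    text, attachments = decode_mime_message(raw)
    print(text == SAMPLE_TEXT, attachments[0][0])      # True firmware.bin
```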
X.500 Directory Service
X.500 is a directory service used in the same way as a conventional name service, but it is primarily
used to satisfy descriptive queries and is designed to discover the names and attributes of other users
or system resources. Users may have a variety of requirements for searching and browsing in a
directory of network users, organizations and system resources to obtain information about the
entities that the directory contains. The uses for such a service are likely to be quite diverse. They range
from enquiries that are directly analogous to the use of telephone directories, such as a simple ‘white
pages’ access to obtain a user’s electronic mail address or a ‘yellow pages’ query aimed, for example, at
obtaining the names and telephone numbers of garages specializing in the repair of a particular make
of car, to the use of the directory to access personal details such as job roles, dietary habits or even
photographic images of the individuals.
Standard of ITU and ISO organizations
Organized in a tree structure with name nodes as in the case of other name servers
A wide range of attributes are stored in each node
Directory Information Tree (DIT)
Directory Information Base (DIB)
X.500 service architecture
The data stored in X.500 servers is organized in a tree structure with named nodes, as in the case of the
other name servers discussed in this chapter, but in X.500 a wide range of attributes are stored at each
node in the tree, and access is possible not just by name but also by searching for entries with any
required combination of attributes. The X.500 name tree is called the Directory Information Tree (DIT),
and the entire directory structure including the data associated with the nodes, is called the Directory
Information Base (DIB). There is intended to be a single integrated DIB containing information provided
by organizations throughout the world, with portions of the DIB located in individual X.500 servers.
Typically, a medium-sized or large organization would provide at least one server. Clients access the
directory by establishing a connection to a server and issuing access requests. Clients can contact any
server with an enquiry. If the data required are not in the segment of the DIB held by the contacted
server, it will either invoke other servers to resolve the query or redirect the client to another server.
Directory Server Agent (DSA)
Directory User Agent (DUA)
In the terminology of the X.500 standard, servers are Directory Service Agents (DSAs), and their clients
are termed Directory User Agents (DUAs). Each entry in the DIB consists of a name and a set of
attributes. As in other name servers, the full name of an entry corresponds to a path through the DIT
from the root of the tree to the entry. In addition to full or absolute names, a DUA can establish a
context, which includes a base node, and then use shorter relative names that give the path from the
base node to the named entry.
An X.500 DIB Entry
Part of the X.500 Directory Information Tree
The data structure for the entries in the DIB and the DIT is very flexible. A DIB entry consists of a set of
attributes, where an attribute has a type and one or more values. The type of each attribute is denoted
by a type name (for example, countryName, organizationName, commonName, telephoneNumber,
mailbox, objectClass).
New attribute types can be defined if they are required. For each distinct type name there is a
corresponding type definition, which includes a type description and a syntax definition in the ASN.1
notation (a standard notation for syntax definitions) defining representations for all permissible values
of the type.
DIB entries are classified in a manner similar to the object class structures found in object-oriented
programming languages. Each entry includes an objectClass attribute, which determines the class (or
classes) of the object to which an entry refers. Organization, organizationalPerson and document are all
examples of objectClass values. Further classes can be defined as they are required. The definition of a
class determines which attributes are mandatory and which are optional for entries of the given class.
The definitions of classes are organized in an inheritance hierarchy in which all classes except one
(called topClass) must contain an objectClass attribute, and the value of the objectClass attribute must
be the names of one or more classes. If there are several objectClass values, the object inherits the
mandatory and optional attributes of each of the classes.
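As an added illustration (not from these notes or from any X.500 or LDAP implementation), the following Python model shows how a DIB entry is validated against its objectClass values using the inheritance hierarchy described above, and how a DUA can look up an entry either by its absolute name or by a shorter name relative to a base context. The attribute type names are the ones used above; the class definitions, entry names and values are constructed.

```python
"""Toy model of an X.500 Directory Information Tree (DIT) and DIB entries.

Added example, not part of the original notes or of any X.500/LDAP product.
Attribute type names follow the notes (countryName, organizationName,
commonName, telephoneNumber, mailbox, objectClass); the class definitions,
entry names and values below are constructed.
"""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class ObjectClass:
    name: str
    superior: str | None       # parent in the inheritance hierarchy (None only for top)
    mandatory: frozenset[str]
    optional: frozenset[str]


# Every class except top carries an objectClass attribute (inherited from top).
CLASSES = {
    "top": ObjectClass("top", None, frozenset({"objectClass"}), frozenset()),
    "country": ObjectClass("country", "top", frozenset({"countryName"}), frozenset()),
    "organization": ObjectClass("organization", "top", frozenset({"organizationName"}),
                                frozenset({"telephoneNumber"})),
    "person": ObjectClass("person", "top", frozenset({"commonName"}),
                          frozenset({"telephoneNumber"})),
    "organizationalPerson": ObjectClass("organizationalPerson", "person", frozenset(),
                                        frozenset({"mailbox", "organizationName"})),
}


def effective_attributes(class_names):
    """Union of mandatory and optional attributes over each class and its ancestors."""
    mandatory, optional = set(), set()
    for name in class_names:
        cls = CLASSES[name]
        while cls is not None:
            mandatory |= cls.mandatory
            optional |= cls.optional
            cls = CLASSES[cls.superior] if cls.superior else None
    return mandatory, optional


def validate_entry(attrs):
    """Return a sorted list of problems; an empty list means the entry is well-formed.
    attrs maps a type name to a list of values (attributes may be multi-valued)."""
    classes = attrs.get("objectClass", [])
    if not classes:
        return ["missing objectClass"]
    unknown = sorted(c for c in classes if c not in CLASSES)
    if unknown:
        return [f"unknown objectClass {c}" for c in unknown]
    mandatory, optional = effective_attributes(classes)
    problems = [f"missing mandatory attribute {m}" for m in sorted(mandatory - set(attrs))]
    problems += [f"attribute {a} not permitted" for a in sorted(set(attrs) - mandatory - optional)]
    return problems


class DIT:
    """Entries keyed by absolute name: a tuple of (type, value) pairs from the root."""

    def __init__(self):
        self.entries = {}

    def add(self, name, attrs):
        problems = validate_entry(attrs)
        if problems:
            raise ValueError("; ".join(problems))
        if len(name) > 1 and name[:-1] not in self.entries:
            raise KeyError(f"superior entry {name[:-1]} does not exist")
        self.entries[name] = attrs

    def lookup(self, name, base=()):
        """Resolve an absolute name (base empty) or a name relative to a base context."""
        return self.entries.get(tuple(base) + tuple(name))


def build_sample_dit():
    """Constructed sample tree: country -> organization -> person."""
    dit = DIT()
    c = (("countryName", "IN"),)
    o = c + (("organizationName", "Example Ltd"),)
    p = o + (("commonName", "A. Sharma"),)
    dit.add(c, {"objectClass": ["country"], "countryName": ["IN"]})
    dit.add(o, {"objectClass": ["organization"], "organizationName": ["Example Ltd"],
                "telephoneNumber": ["+91 11 0000 0000"]})
    dit.add(p, {"objectClass": ["organizationalPerson"], "commonName": ["A. Sharma"],
                "mailbox": ["a.sharma@example.invalid"]})
    return dit
```

Calling build_sample_dit() and then lookup((("commonName", "A. Sharma"),), base=...) with the organization as base context returns the same entry as the full absolute name; validate_entry rejects an organization entry without organizationName and a person entry that carries an attribute its classes do not permit.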
Administration and updating of the DIB
• The DSA interface includes operations for adding, deleting and modifying entries. Access control is
provided for both queries and updating operations, so access to parts of the DIT may be restricted to
certain users or classes of user.
Lightweight Directory Access Protocol
• X.500’s assumption that organizations would provide information about themselves in public
directories within a common system has proved largely unfounded. A group at the University of
Michigan proposed a more lightweight approach called the Lightweight Directory Access Protocol
(LDAP), in which a DUA accesses X.500 directory services directly over TCP/IP instead of the upper
layers of the ISO protocol stack.
Mail User Agent
A Mail User Agent (MUA), also referred to as an email client, is a computer application that allows you
to send and retrieve email. A MUA is what you interact with, as opposed to an email server, which
transports email. MUAs can be software applications, such as Outlook Express and Lotus notes, or they
can be webmail services such as those provided by Yahoo!, Microsoft Outlook.com, and Gmail.
MUAs are the component within the Simple Mail Transfer Protocol (SMTP) system responsible for
creating email messages for transfer to a Mail Transfer Agent (MTA).
A Mail Transfer Agent (MTA), also referred to as a message transfer agent, mail server, or a mail
exchanger (MX), is a computer program or software agent that sends and receives email messages
from one computer to another computer.
Email is based around the use of electronic mailboxes. When an email is sent, the message is routed
from server to server, all the way to the recipient's email server. More specifically, the message is sent
to the mail server tasked with transporting emails (called the MTA, for Mail Transport Agent) to the
recipient's MTA. On the Internet, MTAs communicate with one another using the protocol SMTP, and
so are logically called SMTP servers (or sometimes outgoing mail servers).
The recipient's MTA then delivers the email to the incoming mail server (called the MDA, for Mail
Delivery Agent), which stores the email as it waits for the user to accept it. There are two main
protocols used for retrieving email on an MDA: POP3 (Post Office Protocol), the older of the two, which
is used for retrieving email and, in certain cases, leaving a copy of it on the server; and IMAP (Internet
Message Access Protocol), which is used for coordinating the status of emails (read, deleted, moved)
across multiple email clients. With IMAP, a copy of every message is saved on the server, so that this
synchronization task can be completed.
For this reason, incoming mail servers are called POP servers or IMAP servers, depending on which
protocol is used.
To use a real-world analogy, MTAs act as the post office (the sorting area and mail carrier), which
handle message transportation, while MDAs act as mailboxes, which store messages (as much as their
volume will allow) until the recipients check the box. This means that it is not necessary for recipients
to be connected in order for them to be sent email.
To keep everyone from checking other users' emails, the MDA is protected by a user name called
a login and by a password.
Retrieving mail is done using a software program called an MUA (Mail User Agent). When the MUA is a
program installed on the user's system, it is called an email client (such as Mozilla Thunderbird,
Microsoft Outlook, Eudora Mail, Incredimail or Lotus Notes).
When it is a web interface used for interacting with the incoming mail server, it is called webmail.
By default, it is not necessary to authenticate oneself to send email, which means that it is very easy to
falsify one's own address when sending mail. For this reason, nearly all Internet service providers lock
down their SMTP servers so that only their subscribers can use them, or more precisely, only machines
whose IP address belongs to the ISP's domain. This explains why users must modify the outgoing server
settings in their email clients each time they move to a new home or business.
When an organization's email server is improperly configured and allows third-party users on any
network to send emails, this is called an open relay. Open relays are generally used by spammers, as
using them hides the true origins of their messages. As a result, many ISPs keep an up-to-date
blacklist of open relays to keep subscribers from receiving messages from such servers.
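The relay rule described above can be written down as a policy check. The following is an added example, not code from these notes or from any mail server product: mail addressed to the server's own domain is accepted from anyone, but relaying to outside domains is allowed only from the ISP's subscriber address range or from a client that has authenticated. The local domain, the subscriber range (taken from the TEST-NET-3 block reserved for documentation) and the sample sessions are constructed.

```python
"""Relay decision for an SMTP server, so that it does not act as an open relay.

Added example; not code from these notes or from any mail server. The local
domain, the ISP's subscriber address range (TEST-NET-3, reserved for
documentation) and the sample sessions are constructed.
"""
import ipaddress
from dataclasses import dataclass

LOCAL_DOMAINS = {"example.net"}                              # domains this MTA delivers for
SUBSCRIBER_NETS = [ipaddress.ip_network("203.0.113.0/24")]   # the ISP's own address space


@dataclass
class Session:
    client_ip: str
    authenticated: bool    # client completed SMTP AUTH (e.g. on the submission port)
    mail_from: str
    rcpt_to: str


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()


def relay_decision(session):
    """Return (accept, reason). Delivery to our own domains is accepted from anyone;
    relaying to other domains only for subscriber addresses or authenticated clients."""
    if domain_of(session.rcpt_to) in LOCAL_DOMAINS:
        return True, "local delivery"
    if session.authenticated:
        return True, "authenticated relay"
    ip = ipaddress.ip_address(session.client_ip)
    if any(ip in net for net in SUBSCRIBER_NETS):
        return True, "subscriber relay"
    return False, "554 5.7.1 Relay access denied"


def is_open_relay(decision):
    """Configuration self-check: an MTA that relays for an unauthenticated client
    outside its subscriber range to a foreign domain is an open relay."""
    probe = Session("198.51.100.7", False, "anyone@elsewhere.example", "someone@other.example")
    accepted, _ = decision(probe)
    return accepted
```

The same subscriber sending from an address outside the ISP's range is refused unless the session is authenticated, which is exactly why the notes say users must change their outgoing server settings (or use authenticated submission) when they move to another network. is_open_relay is the check an administrator would run against the configured policy before exposing the server.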
EDI- Costs and benefits – Components of EDI Systems – EDI implementation issues – EDIFACT –
EDIFACT Message Structure.
E-Commerce Trade Cycle
• E-Commerce can be applied to all, or different phases of the trade cycle.
• The trade cycle varies depending on:-
The nature of the organization (or individuals) involved.
The nature and type of goods or services being exchanged.
The frequency of trade between the partners to the exchange process.
• The trade cycle has to support:-
Finding goods or services appropriate to the requirement and agreeing the terms of trade often
referred to as search and negotiation.
Placing the order, taking delivery and making payment i.e., execution & settlement of transaction.
After sales activity such as warranty, service etc.
There are numerous categories of trade cycles depending on the factors outlined above and, for
many transactions, further complicated by the complexities of international trade.
• Three generic trade cycles can be identified:-
1. Regular, repeat transactions between commercial trading partners (Repeat Trade Cycle).
2. Irregular Transactions between commercial trading partners where execution and settlement are
separated (Credit Transactions)
3. Irregular transactions in once-off trading relationships where execution and settlement are
typically combined (Cash Transactions)
• Electronic Markets:-
It increases the efficiency of the market.
It reduces the search cost for the buyer and makes it more likely that buyer will continue the search
until the best buy is found.
It exists in financial markets & they are also used in airline booking system.
It is irregular transaction trade.
• Electronic Data Interchange:-
It is used for regular repeat transactions.
It takes quite a lot of work to set up systems.
Mature use of EDI allows for a change in the nature of the product or service.
e.g. Applications are sending test results from the pathology laboratory to the hospital or dispatching
exam results from exam boards to school.
• Internet Commerce:-
The first stage
• Advertising appropriate goods and services.
• Internet sites offer only information & any further steps down the trade cycle are conducted on
The Second stage
• An increasing number of sites offer facilities to execute & settle the transaction.
• Delivery may be electronic or by home delivery depending on the goods and services.
The final stage
• After-sales service.
• On-line support & On-Line services.
Tools & Technologies for E-Commerce
• Electronic data interchange (EDI)
• Bar codes
• Electronic mail
• World Wide Web
• Product data exchange
• Electronic forms
• Electronic Data Interchange (EDI)
EDI is the computer-to-computer exchange of structured business information in a standard
electronic format. Information stored on one computer is translated by software programs into
standard EDI format for transmission to one or more trading partners. The trading partners’ computers,
in turn, translate the information using software programs into a form they can understand.
• Bar Codes
Bar codes are used for automatic product identification by a computer. They are a rectangular
pattern of lines of varying widths and spaces. Specific characters (e.g. numbers 0-9) are assigned
unique patterns, thus creating a "font" which computers can recognize based on light reflected from a
The most obvious example of bar codes is on consumer products such as packaged foods. These
codes allow the products to be scanned at the checkout counter. As the product is identified the price
is entered in the cash register, while internal systems such as inventory and accounting are
• Electronic Mail
Messages composed by an individual and sent in digital form to other recipients via the Internet.
The Internet is a global network of millions of diverse computers and computer networks. These
networks can all "talk" to each other because they have agreed to use a common communications
protocol called TCP/IP. The Internet is a tool for communications between people and businesses. The
network is growing very, very fast and as more and more people are gaining access to the Internet, it is
becoming more and more useful.
• World Wide Web
The World Wide Web is a collection of documents written and encoded with the Hypertext Markup
Language (HTML). With the aid of a relatively small piece of software (called a "browser"), a user can
ask for these documents and display them on the user’s local computer, although the document can be
on a computer on a totally different network elsewhere in the world.
HTML documents can contain many different kinds of information such as text, pictures, video,
sound, and pointers, which take users immediately to other web pages.
It is this ability to jump from site to site that gave rise to the term "World Wide Web." Browsing the
Web (or "surfing the Net") can be a fascinating activity, especially to people new to the Internet. The
World Wide Web is by far the most heavily used application on the Internet.
• Product Data Exchange
Product data refers to any data that is needed to describe a product. Sometimes that data is in
graphical form, as in the case of pictures, drawings and CAD files. In other cases the data may be
character based (numbers and letters), as in the case of specifications, bills of material, manufacturing
instructions, engineering change notices and test results.
Product data exchange differs from other types of business communications in two important ways.
First, because graphics are involved users must contend with large computer files and with problems
of compatibility between software applications. (The difficulty of exchanging CAD files from one system
to another is legendary).
Second, version control very quickly gets very complicated. Product designs, even late in the
development cycle, are subject to a great deal of change, and because manufacturing processes are
involved, even small product changes can have major consequences for getting a product into
• Electronic Forms
Electronic form is a technology that combines the familiarity of paper forms with the power of storing
information in digital form. Imagine an ordinary paper form, a piece of paper with lines, boxes, check-
off lists, and places for signatures. To the user an electronic form is simply a digital analogue of such a
paper form, an image, which looks like a form but which appears on a computer screen and is filled out
via mouse, and keyboard.
Behind the screen, however, lie numerous functions that paper and pencil cannot provide. Those
extra functions come about because the data from electronic forms are captured in digital form, thus
allowing storage in data bases, automatic information routing, and integration into other applications.
Framework of E-Commerce
• This framework, first developed by Kalakota and Whinston, Professors of Information Systems and
prolific authors on the subject, takes a holistic view and identifies the different components of business
and technology that make up e-commerce. Using the analogy of the architecture of a building
illustrated in Fig., they explain how the different components fit and interact together, emphasizing the
relative importance of each component.
• Kalakota and Whinston use the analogy of a traditional transportation company to describe the
complexity of the network and how the different components that make up the technology
infrastructure are interlinked.
The network infrastructure is like the network of roads that are interconnected and are of different
widths, lengths and quality – for example, the Internet, local area networks, intranets. Network
infrastructures also take different forms such as telephone wires, cables, wireless technology (such as
satellite or cellular technology).
The publishing infrastructure (including the WWW, Web servers) can be seen as the infrastructure of
vehicles and warehouses, which store and transport electronic data and multimedia content along the
network. Multimedia content is created using tools such as HTML and JAVA. This content can be very
different with varying degrees of complexity similar to different vehicles travelling on the roads. For
example, text only, or more complex is an application, such as a computer game, containing audio,
video, graphics and a programme.
Messaging and information distribution infrastructure are the engines and fuel, which transport the
data around the network. Once the multimedia content is created, there has to be a means of sending
and retrieving this information, for example by EDI, e-mail, Hyper Text Transfer Protocol.
Once content and data can be created, displayed and transmitted, supporting business services are
necessary for facilitating the buying, selling and other transactions safely and reliably. For example,
smart cards, authentication, electronic payment, directories/catalogues.
• The next components which facilitate and enable e-commerce and which are built on the
foundations of technology are:
Public policy, regulations and laws that govern issues such as universal access, privacy, electronic
contracts and the terms and conditions that govern e-commerce.
Universal agreement of technical standards dictate the format in which electronic data is transferred
over networks and is received across user interfaces, and the format in which it is stored. This is
necessary so that data can travel seamlessly across different networks, where information and data can
be accessed by a whole range of hardware and software such as computers, palmtops, and different
kinds of browsers and document readers.
The interaction of people and organizations to manage and coordinate the applications,
infrastructures and businesses are all necessary to make e-commerce work.
All these elements interact together to produce the most visible manifestation of e-commerce.
Examples of these applications include on-line banking and financial trading, recruitment,
procurement and purchasing, marketing and advertising, auctions and shopping.
This is a particularly useful framework for managers to understand the importance of technology
and business, both within the organization and external to it, in the planning and development of any
e-commerce or e-business solution.
Electronic Data Interchange (EDI)
• Electronic data interchange (EDI) is the process used by organizations in order to transmit the data
between organizations by electronic means. It is used to transfer electronic documents or business
data from one computer system to another computer system, i.e. from one trading partner to another
trading partner without human intervention.
• Here there are two major parties, i.e. Customer & Merchant.
• The customer first places an order for the required product. The trading party then gives confirmation,
delivery note, invoice & acknowledgements for the product status. At the end, the customer pays for the product.
• Here we have shown the basic overview, but EDI is somewhat complex.
EDI is used by organizations for transactions that occur on a regular basis in a predefined format.
• Organizations that send or receive documents between each other are referred to as "trading
partners" in EDI terminology. The trading partners agree on the specific information to be transmitted
and how it should be used.
• EDI is also known as paperless trading.
• EDI is basically-
• “The transfer of structured data, by agreed message standards, from one computer system to
another, by electronic means.”
EDI has four elements, each of them essential to an EDI system:
• Structured Data: EDI transactions are composed of codes & short pieces of text, each element
with a strictly defined purpose. For e.g. an order has codes for the customer & product & values such as
• Agreed Message Standards: The EDI transaction has to have a standard format. The standard is not
just agreed between the trading partners but is a general standard agreed at national or international
level. A purchase order will be one of a number of agreed message standards.
• From one computer system to another: The EDI message sent is between two computer
applications. There is no requirement for people to read the message or re-key it into a computer
system. For e.g. The message is directly between the customer’s purchasing system & the supplier’s
order processing system.
• By electronic means: Usually this is by data communications but the physical transfer of magnetic
tape or floppy disc would be within the definition of EDI. Often networks specifically designed for EDI
will be used.
Main Features of EDI:
• EDIs use structured, formatted messages that are based on agreed standards - in this way the
messages can be read by any system that understands the rules they are governed by. However, this is
not always as simple as it seems, which is why EDI translation software packages are also provided.
• Required to set up an interface between the company computer and the EDI sent/received
• EDI provides a relatively fast delivery of electronic documents from sender to receiver.
• EDI provides direct communication between applications, rather than between computers.
• EDI includes data management and networking capabilities, data processing, the efficient capture
of data into electronic form, the processing and retention of data, controlled access to it, and efficient
and reliable data transmission between remote sites.
Benefits of EDI:
• Reduced paperwork: Even when paper documents are maintained in parallel with EDI exchange,
e.g. printed shipping manifests, electronic exchange and the use of data from that exchange reduces
the handling costs of sorting, distributing, organizing, and searching paper documents.
• Cost cutting: The use of EDI can cut costs. These include the costs of stationery & postage, but
these will probably be fully matched by the costs of running the EDI service. EDI and similar
technologies allow a company to take advantage of the benefits of storing and manipulating data
electronically without the cost of manual entry.
• Reduced Errors: Another advantage of EDI is reduced errors, such as shipping and billing errors,
because EDI eliminates the need to rekey documents on the destination side. Keying information
into a computer system is a source of errors, & keying paper orders into an order processing system is
no exception. EDI eliminates this source of errors. On the downside, there is no order entry clerk who
might have spotted errors made by the customer - the customer will get what the customer asked for.
• Faster Response: With paper orders it would be several days before the customer was informed of
any supply difficulty, such as the product being out of stock. With EDI the customer can be informed
straight away, giving time for an alternative product to be ordered or an alternative supplier to be used.
• Improved funds transmission: Due to this increased efficiency of non-paper accounts, cash flow
will improve as electronic funds transmission is able to begin much earlier than previously.
• Improved Shipping Service: Shipping is also improved as EDI provides quick and efficient
information as it relies on barcode information to communicate. It is able to track inventory and
eliminates the incidence of lost packages due to their isolation from the larger shipping order. EDI
greatly improves accuracy of data as it is all automated.
• EDI payment: Payment can also be made by EDI. The EDI payment system can also generate an EDI
payment advice that can be electronically matched against the relevant invoices, again avoiding query
EDI System
Difference between EDI & Email:
• EDI sounds similar to electronic mail (email), but is actually quite different. While email allows
free, unstructured text messages to be sent from one computer to another (or to multiple computers),
EDI supports structured business messages transmitted between partners. Previously these would
have been hard copy documents or printed business documents. So rather than having documents pass
from person to person, they go from computer to computer.
EDI: THE NUTS AND BOLTS
• At the heart of any EDI application is the EDI standard. The essence of EDI is the coding &
structuring of the data into a common & generally accepted format.
• Documents sent via EDI can serve as input for a receiving company's business application
because they are formatted according to standards that stipulate where certain information should be
located, such as where the net total amount should appear on an invoice.
• These standards also define how individual pieces of information should be represented. For
example, in the standards for an electronics industry purchase order, there are specific codes defined
to identify the type of product or service being requested, e.g. PN (company part number), BY (buyers
part number), VP (vendors part number), PW (part drawing), etc.
Components of EDI
1. Application service
2. Translation service
3. Communication service
1. Application Services:-
It provides the link between the application and EDI. It allows you to send documents from an EDI system.
A set of callable routines is used to transfer documents from the business application into EDI
documents; the destination can be either intra-company or external companies.
2. Translation service:-
Converts outgoing documents from an internal format file to the agreed external format, and translates
incoming documents from the external format to the EDI internal format file.
3. Communication service:-
The communication service sends and receives transmission files to and from the trading partners,
either directly or by using a third-party service called a value-added network (VAN).
File Types
EDI creates following files as a document passes through the system:
1. Internal format file (IFF):-
It contains a single document for a single trading partner.
2. External format file (EFF):-
It contains same data as the internal format file translated into the appropriate standard document
3. Transmission file:-
It contains one or more documents for the same trading partner. Documents of the same format are packed
into functional groups. The functional groups going to one trading partner are packaged into an
Every EDI sender and receiver should have an EDI translator. It varies based on the computer on which it is
going to reside. The computer may be a microcomputer, a midrange or a mainframe. The translator
reads the fixed-length file, generates the valid EDI standard format and maintains control information.
2. Application link software:-
Application link software is used to collect information from the business application; it then
formats it into a fixed-length computer file and passes it on to the translator.
Types of EDI standards:
• Proprietary standard - EDI standard developed for a specific company or industry. This is also
called a non-public or private standard.
• Public standard - EDI standard developed for use across one or more industries.
• Electronic Data Interchange for Administration, Commerce, and Transport is the international set
of EDI standards
• Became a UN standard in 1987
• Maintenance and further development is the responsibility of the United Nations Centre for Trade
Facilitation and Electronic Business (UN/CEFACT)
• Includes syntax rules and implementation guidelines, message design guidelines, data elements,
code sets, and other definitions
• Used for business-to-business (B2B) communication rather than business-to-consumer (B2C)
• Allows multi-country and multi-industry exchange
The four pillars of EDIFACT
• Rules for the definition of a message structure
• Data elements
• Smallest data unit
• Include codes & the values for items such as date & address code
• Groups of related data elements
• Ordered sequence of segments
• Defines a business transaction
• United Nations/Electronic Data Interchange For Administration, Commerce and
Transport (UN/EDIFACT) is the international EDI standard developed under the United Nations.
EDIFACT Structure Chart
• For EDIFACT each document type is referred to as a message. For trade purposes the documents
include order, dispatch advice, invoice, payment order & remittance advice. Other sectors include their
own documentation requirements, sectors using EDIFACT include:
• Transport
• Social Administration
• Public Administration
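The file types listed earlier (internal format file, external format file, transmission file) and the EDIFACT structure of data elements, segments and messages can be seen together in the following added example, which is not code from these notes or from any EDI product. It translates a constructed fixed-length internal record into an ORDERS message, packs it into a transmission file, and on the receiving side checks the UNH/UNT and UNB/UNZ control counts and references before anything is handed to a business application. The IFF column layout, partner identifiers, message references and date/time are constructed; the separators ' + : and the ? release character, and the UNB/UNH/UNT/UNZ service segments, are standard EDIFACT syntax.

```python
"""IFF record -> EDIFACT ORDERS message (EFF) -> transmission file, plus the
control-segment check done on receipt.
Added example; not code from these notes or from any EDI product. The IFF column
layout, partner identifiers, message references and date/time are constructed;
the separators ' + : and the ? release character are standard EDIFACT syntax."""
SEG, ELEM, COMP, REL = "'", "+", ":", "?"
# Constructed IFF layout: fixed-width (start, end) columns of one order record.
IFF_LAYOUT = {"order": (0, 10), "customer": (10, 18), "product": (18, 30), "qty": (30, 36)}


def parse_iff_record(line):
    """Read one fixed-length record produced by the application link software."""
    rec = {k: line[a:b].strip() for k, (a, b) in IFF_LAYOUT.items()}
    rec["qty"] = int(rec["qty"])
    return rec


def escape(value):
    """Prefix separator characters inside data with the release character."""
    return "".join(REL + ch if ch in (SEG, ELEM, COMP, REL) else ch for ch in str(value))


def render(segment):
    """segment = [tag, element, ...]; an element given as a list is a composite."""
    elems = [COMP.join(escape(c) for c in e) if isinstance(e, list) else escape(e)
             for e in segment[1:]]
    return segment[0] + ELEM + ELEM.join(elems) + SEG


def order_message(rec, msg_ref):
    """Translate one internal order record into an ORDERS message (the EFF)."""
    segs = [["UNH", msg_ref, ["ORDERS", "D", "96A", "UN"]],
            ["BGM", "220", rec["order"]],              # 220 = order
            ["NAD", "BY", rec["customer"]],            # BY = buyer
            ["LIN", "1", "", [rec["product"], "BP"]],  # BP = buyer's part number
            ["QTY", ["21", str(rec["qty"])]]]          # 21 = ordered quantity
    segs.append(["UNT", str(len(segs) + 1), msg_ref])  # count includes UNH and UNT
    return segs


def transmission_file(records, sender, receiver, ctrl_ref):
    """Pack all messages for one trading partner into a single interchange."""
    msgs = [order_message(r, f"MSG{i + 1:05d}") for i, r in enumerate(records)]
    segs = [["UNB", ["UNOA", "1"], sender, receiver, ["240101", "1200"], ctrl_ref]]
    for m in msgs:
        segs.extend(m)
    segs.append(["UNZ", str(len(msgs)), ctrl_ref])
    return "".join(render(s) for s in segs)


def parse_edifact(text):
    """One-pass tokenizer: segments -> elements -> components (element 0 is the tag).
    A ? releases the next character so data may contain separators."""
    segments, elems, comps, cur, i = [], [], [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == REL:
            i += 1
            if i < len(text):
                cur.append(text[i])
        elif ch == COMP:
            comps.append("".join(cur)); cur = []
        elif ch in (ELEM, SEG):
            comps.append("".join(cur)); cur = []
            elems.append(comps); comps = []
            if ch == SEG:
                segments.append(elems); elems = []
        else:
            cur.append(ch)
        i += 1
    if cur or comps or elems:
        raise ValueError("unterminated segment")
    return segments


def check_controls(text):
    """Verify UNH/UNT and UNB/UNZ counts and references before the data reaches the
    business application. Returns a list of problems (empty means consistent)."""
    segs = parse_edifact(text)
    if not segs or segs[0][0][0] != "UNB" or segs[-1][0][0] != "UNZ":
        return ["interchange must start with UNB and end with UNZ"]
    unb, unz, problems, n_msgs, start, ref = segs[0], segs[-1], [], 0, None, None
    if unb[5][0] != unz[2][0]:
        problems.append("UNZ control reference does not match UNB")
    for idx, seg in enumerate(segs):
        tag = seg[0][0]
        if tag == "UNH":
            start, ref = idx, seg[1][0]
        elif tag == "UNT" and start is not None:
            n_msgs, count = n_msgs + 1, idx - start + 1
            if seg[1][0] != str(count):
                problems.append(f"UNT count {seg[1][0]} != {count} segments in {ref}")
            if seg[2][0] != ref:
                problems.append(f"UNT reference {seg[2][0]} != UNH reference {ref}")
            start = None
    if unz[1][0] != str(n_msgs):
        problems.append(f"UNZ message count {unz[1][0]} != {n_msgs}")
    return problems
```

For the constructed record "ORD0000123CUST0001PROD00000042000010" the transmission file is UNB, one UNH...UNT message of six segments and UNZ; check_controls returns an empty list for it and reports any segment count, message reference or interchange reference that no longer agrees, which is the cheapest integrity check a receiving translator can apply before the business application sees the data.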
EDI Layered Architecture
EDI Semantic layer:-
Describes the business application
• Requests for quotes
• Price quotes
• Purchase orders
Specific to company & software used
EDI Standard Layer:-
Specifies the business form structure so that information can be exchanged; it also influences the
content at the application layer.
The main competing standards are:
• American National Standards Institute (ANSI) X12
• EDIFACT developed by UN/ECE, Working Party for the Facilitation of International Trade
EDI Transport Layer:-
It corresponds to the non-electronic activity of sending business documents from one company to another.
It can send via postal service, registered and certified mail, email etc.
Generally, the EDI transport layer chooses email as the carrier service.
EDI Physical Layer:-
It describes physical devices which are involved in transaction.
Dial-up lines, Internet, Value-Added Networks etc.
EDI in India
EC/EDI Council of India:
Chairman: Secretary Department of Commerce
Secretariat: EC/EDI Division Department of Commerce
Udyog Bhawan, New Delhi - 110011
EC/EDI council is the apex body consisting of all the key government departments and representatives
of trade and industry. It is responsible for laying down the policy frame work and direction for:-
• promotion and propagation of EDI and Electronic Commerce.
• creating awareness and education among the potential EC/EDI functionaries and users
• streamlining procedures and practices attending to legal issues
• human resource development
• any other issue connected with EDI and Electronic Commerce
India EDIFACT Committee:
Chairman: Additional Secretary Department of Commerce
Secretariat: EC/EDI Division Department of Commerce
Udyog Bhawan, New Delhi - 110011
The India EDIFACT Committee (IEC) is responsible for formulating standards, streamlining the
procedures in line with UN/EDIFACT and maintaining liaison with UN/EDIFACT bodies.
To address all the information needed in different sectors and their interface with UN/EDIFACT standards,
the following Message Development Groups are working:
Ports Message Development Group under Indian Ports Association (IPA)
Airports Message Development Group under Airports Authority of India (AAI)
Financial Message Development Group under Indian Banks Association (IBA)
Customs Message Development Group under Central Board of Excise & Custom (CBEC)
Private Sector Message Development Group under Federation of Indian Export Organisations (FIEO)
Working Group: The working group is responsible for motivating various functionaries in the
government and ensuring scheduled implementation of the programme.
Technical Assessment Group: The Technical Assessment Group is responsible for assessing the
messages developed by the various agencies for structure and syntax conformance, to review the
Implementation Guidelines prepared by various agencies for the respective messages developed by
them and to prepare and circulate the EDIFACT Message Directory.
Chairman: Senior Technical Director, NIC, Department of Commerce
Secretariat: EC/EDI Division Department of Commerce
Udyog Bhawan, New Delhi - 110011
Education and Awareness: The Department of Commerce has identified key areas where immediate
attention was required such as user awareness and human resource development. For creating
awareness in respect of EC/EDI, four organizations have been identified namely Federation of Indian
Export Organizations (FIEO), All India Management Association (AIMA), National Informatics Centre
(NIC) and Indian Institute of Foreign Trade (IIFT). The course contents for awareness and training
programmes have been structured and programmes for various level of management have been
devised. This Ministry also organizes EDICON (an international conference and exhibition on Trade
Facilitation (TF/EC/EDI)) every year, along with a special session for CEOs of top Indian companies.
VAN Service Providers: Department of Telecom has already licensed a number of operators for Value
Added Network (VAN) services. National Informatics Centre (NIC) and Videsh Sanchar Nigam
Limited(VSNL) are the two major companies/organizations providing high speed information highway
for EC/EDI services within the country and connectivity to foreign networks. A number of other
companies also recognized the emerging EC/EDI market and approached the Department of
Telecommunications, which is the licensing authority for (VAN) Value Added Network operations in
India. Companies such as Global Electronic Commerce Services Ltd., Mahindra Network Services,
Satyam Infosys, CMC Ltd., Manipal Control Data Electronic Commerce Systems etc., have started
Co-ordinated EC/EDI implementation project
To facilitate international trade a co-ordinated EC/EDI implementation project is underway in
following departments/organisations :
– Directorate General of Foreign Trade (DGFT)
– Apparel Export Promotion Council/Cotton & Textile Export Promotion Council etc.
– Port Trusts
– Airport Authority of India (AAI)
– Container Corporation of India (CONCOR)
– Reserve Bank of India (RBI)
– Scheduled Banks
– Indian Railways
– CHA/Freight Forwarders
– Export Promotion Organization
• The First Technical element of the EDI system is the EDI software. It is a complete suite of software
for creating, transmitting, receiving, managing and tracking EDI documents. It contains the tools
needed to fine-tune EDI invoicing, from EDI document editing, to document review, to document
• The system design is comprehensive and can convert invoices, returns, change notices,
statements, purchase orders, and title catalogues into the EDI format.
• If Pens & Things is to send an order from its production control system to Packaging Solutions it
needs to code that order into the agreed EDI standard & ‘squirt’ it into the chosen VADS. To pick up the
order at the other end, Packaging Solutions has a similar need to extract the data from the network &
to decode the data from the EDI message into its order processing system. The coding/decoding of EDI
messages & interfacing with the VADS is normally achieved using EDI software as shown in Fig.
Sending an order using EDI software
• Technically EDI comes down to imports/exports to/from your system and some data
communication. It is good practice to keep this import/export as simple as possible, and to concentrate
on the impact of EDI on your system and organization. You will want ONE import/export in your system
(for each information flow). You don't want to handle all the EDI details in the import/export module,
just as you don't want to handle the logic of printer drivers in your application.
EDI Enabled Procurement Process
Procurement is the process whereby companies purchase goods and services from various suppliers.
These include everything from indirect goods like light bulbs, uniforms, toilet paper, and office supplies,
to the direct goods used for manufacturing products.
Procurement also involves the purchase of temporary labor, energy, vehicle leases, and more.
Companies negotiate discount contracts for some goods and services, and buy others on the spot.
Procurement can be an important part of a company's overall strategy for reducing costs.
Historically, the individuals or departments responsible for purchasing a company's goods and
services relied on various methods for doing so. The most basic included placing orders via telephone,
fax, or mail.
Electronic procurement methods, generally referred to as e-procurement, potentially enable the
procurement process to unfold in a faster, more efficient manner, and with fewer errors. These
methods include electronic data interchange (EDI), online marketplaces or e-marketplaces, and various
blends of the two.
EDI deals more with the way information is communicated during procurement than it does with the
act of linking buyers and suppliers.
By definition, EDI is the electronic exchange of business information—purchase orders, invoices, bills
of lading, inventory data, and various types of confirmations—between organizations or trading
partners in standardized formats.
EDI also is used within individual organizations to transfer data between different divisions or
departments, such as finance, purchasing, and shipping. Two characteristics set EDI apart from other
ways of exchanging information.
First, EDI only involves business-to-business transactions; individual consumers do not directly use
EDI to purchase goods or services.
Secondly, EDI involves transactions between computers or databases, not individuals. Therefore,
individuals sending e-mail messages or sharing files over a network do not constitute EDI.
EDI can occur point-to-point, where organizations communicate directly with one another over a
private network; via the Internet (also known as open EDI); and most commonly, via value-added
networks (VANs), which function like telephone lines by allowing for the transfer of information.
In the early 2000s, although many companies still relied on VANs, the Internet was playing a larger
role in EDI. It is possible for companies to translate the files used during EDI and send them to another
company's computer system over the Internet, via e-mail, or file transfer protocol (FTP).
Because it is an open network and access is not terribly expensive, using the Internet for EDI can be
more cost effective for companies with limited means.
It has the potential to provide them with access to large companies who continue to rely on large,
traditional EDI systems.
The low cost associated with open EDI also means that more companies are likely to participate. This
is important because the level of value for participants often increases along with their number.
E-procurement tools and applications:
Some e-procurement tools and applications include:
• Electronic systems to support traditional procurement
– EDI (electronic data interchange)
• Internet as a support or complement to traditional procurement
– Electronic mail (e-mail)
– Web enabled EDI
– Extensible markup language (XML)
– World wide web (www)
• Internet tools and platforms that replace traditional procurement
EDI (Electronic Data Interchange)
EDI is an application whereby electronic messages can be exchanged between computer programs of
two separate organizations. Some features of EDI include:
• Messages are exchanged in groups, known as batches.
• Messages can automatically be sent, transmitted and stored between computers without retyping or
• EDI has to be implemented by each pair of organizations (sender and receiver) who wish to use it.
This means that the implementation costs of EDI are relatively high.
• EDI is mostly used where the messages exchanged concern such matters as orders, confirmations,
transport information and invoicing.
• EDI traditionally runs on so-called “Value Added Networks”, which are closed networks (unlike open
networks like the Internet).
The figure below illustrates the categories of electronic communication exchange between people and
Internet tools and platforms that replace traditional procurement: Some internet tools and platforms
that replace traditional procurement include:
• E-sourcing
• E-tendering
• E-auctioning
• E-ordering and web-based ERP
• E-informing
E-Sourcing: E-sourcing supports the specification phase; it can be used to pre-qualify suppliers and
also identifies suppliers that can be used in the selection phase. For suppliers the benefit is:
“marketing” and for the buying organizations the benefit is facilitating the sourcing of suppliers. The
UN Global Market Place (UNGM www.ungm.org) is an example of an E-sourcing tool.
E-tendering: E-tendering supports the selection stage and acts as a communication platform
between the procuring organization and suppliers. It covers the complete tendering process from REOI
via ITB/RFP to contracting, usually including support for the analysis and assessment activities; it does
not include closing the deal with a supplier but facilitates a large part of the tactical procurement
process. It results in equal treatment of suppliers, a transparent selection process, a reduction in (legal)
errors, a clear audit trail, more efficiency in the tactical procurement process and improved time
management of tendering procedures. Some UN organizations such as UNDP-IAPSO and UNHCR have
used E-tendering in the formulation of long-term agreements for vehicles, tents, motorcycles and
pharmaceuticals through an in-house developed tendering portal.
E-auctioning: E-auctioning supports the contract stage. It enables the closing of a deal with a supplier
if the parties agree on price. Auctions operate with an upward or downward price mechanism, e.g. e-auctioning
with an upward price mechanism for the selling organization and e-reverse auctioning with a downward
price mechanism for the buying organization. They can be run in accordance with a traditional ITB/RFP.
They are internet based, using open or closed systems.
E-ordering and web-based ERP: E-ordering and web-based ERP is the process of creating and
approving procurement requisitions, placing purchase orders, as well as receiving goods and services
ordered, by using software systems based on the Internet.
E-informing: E-informing is not directly associated with a stage in the procurement process; it is the
process of gathering and distributing procurement information both from and to internal and external
parties using Internet technology.
E-procurement in the procurement cycle: The figure below shows the six forms of e-procurement
plotted in the procurement process. Each of these forms can be explained as follows:
• E-sourcing supports the specification phase; it identifies suppliers that can be used in the selection
phase.
• E-tendering supports the selection phase; it facilitates the REOI and ITB/RFP activities, usually
including support for the analysis and assessment activities.
• E-reverse auctioning supports the contract phase; it enables closing a deal with a supplier.
• E-ordering and web-based ERP is the process of creating and approving procurement requisitions,
placing purchase orders, as well as receiving goods and services ordered, by using a software system
based on the Internet.
• E-informing is not directly associated with a phase in the procurement process; it is the process of
gathering and distributing procurement information both from and to internal and external parties
using Internet technology.
Cyber Security – Cyber Attacks – Hacking- SSL - Authentication and assurance of data integrity –
Cryptographic based solutions – Digital Signatures – VPN.
What is Cyber Security?
Cyber security consists of technologies, processes and controls designed to protect systems, networks
and data from cyber attacks. Effective cyber security reduces the risk of cyber attacks and protects
against the unauthorised exploitation of systems, networks and technologies.
Robust cyber security involves implementing controls based on three pillars: people, processes and
technology. This three-pronged approach helps organisations defend themselves from both organised
attacks and common internal threats, such as accidental breaches and human error.
The three pillars of cyber security
Every employee needs to be aware of their role in preventing and reducing cyber threats, and
specialised technical cyber security staff need to stay fully up to date with the latest skills and
qualifications to mitigate and respond to cyber attacks.
Processes are crucial in defining how the organisation’s activities, roles and documentation are used to
mitigate the risks to the organisation’s information. Cyber threats change quickly, so processes need to
be continually reviewed to be able to adapt alongside them.
By identifying the cyber risks that your organisation faces you can then start to look at what controls to
put in place, and what technologies you’ll need to do this. Technology can be deployed to prevent or
reduce the impact of cyber risks, depending on your risk assessment and what you deem an acceptable
level of risk.
Why is cyber security important?
The costs of data breaches are soaring
With the EU GDPR (General Data Protection Regulation) now in force, organisations could be faced
with fines of up to €20 million or 4% of annual global turnover for certain infractions. There are also
non-financial costs to be considered, such as reputational damage and loss of customer trust.
Cyber attacks are becoming increasingly sophisticated
Cyber attacks have become more sophisticated with attackers using an ever-growing variety of tactics
to exploit vulnerabilities, such as social engineering, malware and ransomware (as was the case
with Petya, WannaCry and NotPetya).
Cyber security is a critical board issue
New regulations and reporting requirements make cyber security risk oversight a challenge. The board
will continue to seek assurances from management that their cyber risk strategies will reduce the risk
of attacks and limit financial and operational impacts.
A strong cyber security stance is a key defence against cyber-related failures and errors and malicious
cyber-attacks, so it’s vital to have the right cyber security measures in place to protect your
What are the consequences of a cyber attack?
Cyber attacks can disrupt and cause considerable financial and reputational damage to even
the most resilient organisation. If you suffer a cyber attack, you stand to lose assets, reputation and
business, and potentially face regulatory fines and litigation – as well as the costs of remediation.
The cybersecurity industry is constantly striving to stay well prepared and well ahead of new threats.
Data protection was in the spotlight all through 2018. It’s a common practice for applications to collect
user data like the user’s personal information, location, and other personal preferences. Such
important data is vulnerable and, if left unprotected, can be stolen and misused by hackers.
UK enacted the General Data Protection Regulation (GDPR) that forced companies to state and comply
with data privacy policies. GDPR gives the users control over their data and the freedom to decide
whether the data can be shared or not.
Newsworthy breaches and hacks
Despite these new measures being in effect, data breaches continue to be the biggest security threat.
According to a study conducted by First Data, almost 34% of consumers had their data compromised
last year. The following are some of the incidents that made the news last year.
Facebook security breach
Millions of user accounts were hacked in September 2018 when hackers exploited a vulnerability in
Facebook. The breach exposed user data, including personal information, and was the worst cyber
attack in the social media company’s history.
Airline industry data hacked
Data breaches were not limited to social media applications; the airline industry also suffered. British
Airways was subjected to multiple cyber attacks between August 21 and September 6. Financial data
of customers, including credit and debit card details, were stolen. There was a similar data breach
targeting a major Asian airline.
Marriott data breach
In November 2018, Marriott announced that it was also a victim of a massive data breach. An
“unauthorized” party accessed its reservation database, exposing guests’ personal information,
including passport numbers. Almost 327 million users were impacted.
Quora data breach
Quora was another platform attacked last year. As soon as the breach was detected, Quora logged out
all its users and notified them of the security issue. 100 million accounts were at risk as user emails,
passwords and other personal information were leaked.
New technologies create vulnerability
The above breaches are just a few of the notable cyber attacks from 2018. The cybersecurity industry
had a lot to learn from these attacks and has implemented measures to mitigate the impact of such
attacks. But technology continues to evolve—creating more vulnerabilities that can be exploited easily.
Let’s look at some of the current technology trends and the impact they have on cybersecurity.
Bitcoin and other cryptocurrencies gained massive popularity in recent years. As more and more
consumers use cryptocurrencies for online transactions, there’s been a steady increase in hackers
targeting such transactions. Based on a study by CipherTrace, almost 927 million dollars were stolen by
hackers throughout the initial nine months of 2018. Cybersecurity can only combat these threats with
tools that are advanced enough to detect cryptojacking and cryptocurrency mining. Consumers need to
be educated about the risks involved when transacting with cryptocurrency while the cybersecurity
industry implements stricter protocols around cryptocurrency exchanges.
The wide use of IoT and advanced automation made way for artificial intelligence. The same technique
used to build programs that are “intelligent” can be used to build smarter malware and hacking
methods. The current set of cybersecurity tools is not designed to detect such malicious code. These
tools need to evolve with technology to handle threats posed by artificial intelligence.
In recent years, most applications migrated to the cloud and enterprises have adopted Software as a
Service (SaaS) as the preferred application delivery model. Data management has also transitioned
from local servers to the cloud. But this transition comes with its own set of vulnerabilities. The data
needs to be protected from hackers; a breach can put millions of users at risk. For example,
Ransomware attacks directed at cloud providers can compromise sensitive and critical data. Such an
attack would leave major enterprises completely at risk. Data protection must be a priority for cloud
providers—and cybersecurity tools that can detect ransomware and other types of cyber attacks—
should be implemented.
Cybersecurity is only effective when it keeps pace with current innovations and trends in the IT
industry. Companies should deploy the right security tools and protocols to prevent data breaches and
to ensure user privacy is maintained.
Catchpoint’s monitoring services do more than evaluate performance. The different monitors we offer
provide a comprehensive understanding of the different components that make up the application
delivery chain. We introduced an SSL monitor as part of our commitment to help you deliver optimal
SSL plays a critical role in securing data exchange. A compromised SSL certificate can leave the
application vulnerable to cyberattacks and impact application performance. Recently, the mobile
applications of Softbank and O2 suffered outages. The outage was caused by an expired SSL certificate provided by
Ericsson. SSL monitoring is an additional measure that ensures the security protocols implemented are
What is SSL?
SSL was introduced to secure the server-client connection and adds a layer of protection during data
transactions. It encrypts sensitive data, protecting it from potential threats on the information
We explained the basics of SSL and how it works in our Web Performance 101 blog series. SSL was
renamed to TLS and standardized by IETF. A website that is secured using SSL is protected from cyber-
attacks and data breaches. It protects user privacy and prevents hackers or intruders from
compromising the server-client connection. SSL provides three important security features:
Data encryption: Encrypt the data so only the recipient can decipher it.
Data integrity: Ensure the data is not corrupted.
Data authentication: Authentication is mandatory to access the secured data.
Securing end-user experience with SSL Monitoring
The Catchpoint SSL monitor ensures that you keep track of the security configuration of your
application. It allows you to monitor the following security features that are critical such as:
Certificate revocation: Monitoring the validity of the certificate against the Certificate
Revocation List (CRL).
Certificate pinning and public key pinning: The test checks the certificate thumbprint or
public key against the original certificate and alerts if there are any changes to it.
Certificate signing algorithm: Test the signing algorithm used by a certificate to ensure you
are using the right type of certificate for your website.
Certificate validity: Check the certificate expiration and set reminders as the renewal date
approaches so that you are prepared in advance and avoid compromising security with an expired
SSL is just one of the ways you can protect your application against malicious attacks. And Catchpoint’s
SSL monitor lets you track any malicious changes to the certificate. In addition to deploying SSL, the
cybersecurity industry offers a range of tools to detect threats and mitigate the impact of a cyber
attack. With evolving technologies, proactive and innovative measures are the need of the hour and
leaders in the cybersecurity industry are taking action.
Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide
policies for information security within an organization. The model is also sometimes referred to as the
AIC triad (availability, integrity and confidentiality) to avoid confusion with the Central Intelligence
Agency. The elements of the triad are considered the three most crucial components of security.
In this context, confidentiality is a set of rules that limits access to information, integrity is the assurance
that the information is trustworthy and accurate, and availability is a guarantee of reliable access to the
information by authorized people.
Confidentiality is roughly equivalent to privacy. Measures undertaken to ensure
confidentiality are designed to prevent sensitive information from reaching the wrong people, while
making sure that the right people can in fact get it: Access must be restricted to those authorized to
view the data in question. It is common, as well, for data to be categorized according to the amount
and type of damage that could be done should it fall into unintended hands. More or less stringent
measures can then be implemented according to those categories.
Sometimes safeguarding data confidentiality may involve special training for those privy to such
documents. Such training would typically include security risks that could threaten this information.
Training can help familiarize authorized people with risk factors and how to guard against them.
Further aspects of training can include strong passwords and password-related best practices and
information about social engineering methods, to prevent them from bending data-handling rules with
good intentions and potentially disastrous results.
A good example of methods used to ensure confidentiality is an account number or routing number
when banking online. Data encryption is a common method of ensuring confidentiality. User IDs
and passwords constitute a standard procedure; two-factor authentication is becoming the norm.
Other options include biometric verification and security tokens, key fobs or soft tokens. In addition,
users can take precautions to minimize the number of places where the information appears and the
number of times it is actually transmitted to complete a required transaction. Extra measures might be
taken in the case of extremely sensitive documents, precautions such as storing only on air
gapped computers, disconnected storage devices or, for highly sensitive information, in hard copy form
Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life
cycle. Data must not be changed in transit, and steps must be taken to ensure that data cannot be
altered by unauthorized people (for example, in a breach of confidentiality). These measures include
file permissions and user access controls. Version control may be used to prevent erroneous changes or
accidental deletion by authorized users becoming a problem. In addition, some means must be in place
to detect any changes in data that might occur as a result of non-human-caused events such as an
electromagnetic pulse (EMP) or server crash. Some data might include checksums, even cryptographic
checksums, for verification of integrity. Backups or redundancies must be available to restore the
affected data to its correct state.
Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs
immediately when needed and maintaining a correctly functioning operating system environment that
is free of software conflicts. It’s also important to keep current with all necessary system upgrades.
Providing adequate communication bandwidth and preventing the occurrence of bottlenecks are
equally important. Redundancy, failover, RAID, even high-availability clusters can mitigate serious
consequences when hardware issues do occur. Fast and adaptive disaster recovery is essential for the
worst case scenarios; that capacity is reliant on the existence of a comprehensive disaster recovery
plan (DRP). Safeguards against data loss or interruptions in connections must include unpredictable
events such as natural disasters and fire. To prevent data loss from such occurrences, a backup copy
may be stored in a geographically-isolated location, perhaps even in a fireproof, waterproof safe. Extra
security equipment or software such as firewalls and proxy servers can guard against downtime and
unreachable data due to malicious actions such as denial-of-service (DoS) attacks and network
Digital signatures are the public-key primitives of message authentication. In the physical world, it is
common to use handwritten signatures on handwritten or typed messages. They are used to bind the
signatory to the message.
Similarly, a digital signature is a technique that binds a person/entity to the digital data. This binding
can be independently verified by the receiver as well as any third party.
A digital signature is a cryptographic value that is calculated from the data and a secret key known only
by the signer.
In the real world, the receiver of a message needs assurance that the message originates from the sender, and the
sender should not be able to repudiate the origination of that message. This requirement is very crucial in
business applications, since the likelihood of a dispute over exchanged data is very high.
As mentioned earlier, the digital signature scheme is based on public key cryptography. The model of
digital signature scheme is depicted in the following illustration –
The following points explain the entire process in detail −
• Each person adopting this scheme has a public-private key pair.
• Generally, the key pairs used for encryption/decryption and signing/verifying are different.
• The private key used for signing is referred to as the signature key and the public key as the verification
key.
• The signer feeds the data to the hash function and generates the hash of the data.
• The hash value and the signature key are then fed to the signature algorithm, which produces the
digital signature on the given hash. The signature is appended to the data and then both are sent to the
verifier.
• The verifier feeds the digital signature and the verification key into the verification algorithm.
The verification algorithm gives some value as output.
• The verifier also runs the same hash function on the received data to generate a hash value.
• For verification, this hash value and the output of the verification algorithm are compared. Based on
the comparison result, the verifier decides whether the digital signature is valid.
• Since the digital signature is created by the ‘private’ key of the signer and no one else can have this key,
the signer cannot repudiate signing the data in future.
Note that instead of signing the data directly with the signing algorithm, usually a hash of the data is
created. Since the hash of the data is a unique representation of the data, it is sufficient to sign the hash in
place of the data. The most important reason for using the hash instead of the data directly for signing is the efficiency
of the scheme.
Let us assume RSA is used as the signing algorithm. As discussed in the public key encryption chapter, the
encryption/signing process using RSA involves modular exponentiation.
Signing large data through modular exponentiation is computationally expensive and time consuming.
The hash of the data is a relatively small digest of the data, hence signing a hash is more efficient than
signing the entire data.
Out of all cryptographic primitives, the digital signature using public key cryptography is considered a
very important and useful tool to achieve information security.
Apart from its ability to provide non-repudiation of a message, the digital signature also provides message
authentication and data integrity. Let us briefly see how this is achieved by the digital signature −
• Message authentication − When the verifier validates the digital signature using the public key
of a sender, he is assured that the signature has been created only by the sender who possesses the
corresponding secret private key and no one else.
• Data integrity − In case an attacker has access to the data and modifies it, the digital
signature verification at the receiver end fails. The hash of the modified data and the output provided by the
verification algorithm will not match. Hence, the receiver can safely reject the message, assuming that data
integrity has been breached.
• Non-repudiation − Since it is assumed that only the signer has knowledge of the
signature key, only he can create a unique signature on given data. Thus the receiver can present the data
and the digital signature to a third party as evidence if any dispute arises in the future.
By adding public-key encryption to the digital signature scheme, we can create a cryptosystem that can
provide the four essential elements of security, namely − Privacy, Authentication, Integrity, and Non-
repudiation.
In many digital communications, it is desirable to exchange encrypted messages rather than plaintext to
achieve confidentiality. In a public key encryption scheme, the public (encryption) key of the sender is
available in the open domain, and hence anyone can spoof his identity and send any encrypted message to
This makes it essential for users employing PKC for encryption to seek digital signatures along with the
encrypted data to be assured of message authentication and non-repudiation.
This can be achieved by combining digital signatures with the encryption scheme. Let us briefly discuss how to
achieve this requirement. There are two possibilities, sign-then-encrypt and encrypt-then-sign.
However, the cryptosystem based on sign-then-encrypt can be exploited by the receiver to spoof the identity
of the sender and send that data to a third party. Hence, this method is not preferred. The process of
encrypt-then-sign is more reliable and widely adopted. This is depicted in the following illustration −
The receiver, after receiving the encrypted data and the signature on it, first verifies the signature using the
sender’s public key. After ensuring the validity of the signature, he then retrieves the data through
decryption using his private key.
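As an added walkthrough of the scheme described above (this is not code from the original notes), the following toy textbook-RSA program in Python shows the signer hashing the data and signing the digest, the verifier recomputing the hash and comparing, a tampered message failing verification, and the encrypt-then-sign / verify-then-decrypt order of the last paragraph carried through with two key pairs. The primes, keys and sample purchase order are constructed values; textbook RSA without padding on such small keys is for illustration only.

```python
"""Toy RSA hash-then-sign and encrypt-then-sign walkthrough (added example).

Textbook RSA without padding, on small constructed keys: it shows the
mechanics described in the notes and is not usable as a real signature
scheme (real systems use 2048-bit+ keys with PKCS#1 v1.5 or PSS padding).
Requires Python 3.8+ for pow(e, -1, phi).
"""
import hashlib

E = 65537  # common public exponent


def make_keypair(p, q):
    """Build ((e, n), (d, n)) from two primes; the primes passed in are constructed toy values."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # private exponent: d * e == 1 (mod phi)
    return (E, n), (d, n)


# Constructed toy key pairs built from Mersenne primes (not real-world key sizes).
SIGNER_PUB, SIGNER_PRIV = make_keypair(2**31 - 1, 2**61 - 1)       # verification key, signature key
RECEIVER_PUB, RECEIVER_PRIV = make_keypair(2**89 - 1, 2**107 - 1)  # encryption key, decryption key


def digest_mod_n(data: bytes, n: int) -> int:
    """Hash the data with SHA-256 and reduce the digest into the RSA group.

    This is the 'sign the hash, not the data' step: the digest is small and
    fixed-size however large the data is.
    """
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, signature_key) -> int:
    """Signer: hash the data, then apply the private exponent to the digest."""
    d, n = signature_key
    return pow(digest_mod_n(data, n), d, n)


def verify(data: bytes, signature: int, verification_key) -> bool:
    """Verifier: apply the public exponent to the signature and compare with a fresh hash."""
    e, n = verification_key
    return pow(signature, e, n) == digest_mod_n(data, n)


def _to_bytes(value: int) -> bytes:
    """Big-endian encoding of a non-negative integer, as many bytes as needed."""
    return value.to_bytes((value.bit_length() + 7) // 8, "big")


def encrypt_then_sign(message: bytes, receiver_pub, signer_priv):
    """Encrypt under the receiver's public key, then sign the ciphertext (the order used in the notes)."""
    e, n = receiver_pub
    m = int.from_bytes(message, "big")
    if m >= n or message[:1] == b"\x00":
        raise ValueError("toy scheme: message must fit in the modulus and not start with a zero byte")
    ciphertext = pow(m, e, n)
    return ciphertext, sign(_to_bytes(ciphertext), signer_priv)


def verify_then_decrypt(ciphertext: int, signature: int, signer_pub, receiver_priv):
    """Receiver: check the signature on the ciphertext first; decrypt only if it verifies.

    Returns None when the signature does not verify (ciphertext or signature
    tampered, or signed under another key), so unauthenticated input is never decrypted.
    """
    if not verify(_to_bytes(ciphertext), signature, signer_pub):
        return None
    d, n = receiver_priv
    return _to_bytes(pow(ciphertext, d, n))


if __name__ == "__main__":
    order = b"PO#1001 qty 25"  # constructed sample message
    sig = sign(order, SIGNER_PRIV)
    print("valid signature:", verify(order, sig, SIGNER_PUB))          # True
    print("tampered data:  ", verify(order + b"0", sig, SIGNER_PUB))   # False: integrity check fails
    c, s = encrypt_then_sign(order, RECEIVER_PUB, SIGNER_PRIV)
    print("decrypted:      ", verify_then_decrypt(c, s, SIGNER_PUB, RECEIVER_PRIV))
```

Because the signature here covers only the ciphertext, the receiver learns who signed the ciphertext but not that the same party produced the plaintext inside it; real deployments bind sender identity into the encrypted payload as well.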
A virtual private network (VPN) is programming that creates a safe and encrypted connection over a
less secure network, such as the public internet. A VPN works by using the shared public infrastructure
while maintaining privacy through security procedures and tunneling protocols. In effect, the protocols,
by encrypting data at the sending end and decrypting it at the receiving end, send the data through a
"tunnel" that cannot be "entered" by data that is not properly encrypted. An additional level of security
involves encrypting not only the data, but also the originating and receiving network addresses.
In the early days of the internet, VPNs were developed to provide branch office employees with an
inexpensive, safe way to access corporate applications and data. Today, VPNs are often used by remote
corporate employees, gig economy freelance workers and business travelers who require access to
sites that are geographically restricted. The two most common types of VPNs are remote access VPNs
and site-to-site VPNs.
Remote access VPN
Remote access VPN clients connect to a VPN gateway server on the organization's network. The
gateway requires the device to authenticate its identity before granting access to internal network
resources such as file servers, printers and intranets. This type of VPN usually relies on either IP
Security (IPsec) or Secure Sockets Layer (SSL) to secure the connection, although SSL VPNs are often
focused on supplying secure access to a single application rather than to the entire internal network.
Some VPNs provide Layer 2 access to the target network; these require a tunneling protocol like
the Point-to-Point Tunneling Protocol or the Layer 2 Tunneling Protocol running across the base IPsec
connection. In addition to IPsec and SSL, other protocols used to secure VPN connectivity and encrypt
data are Transport Layer Security (TLS) and OpenVPN.
Site-to-site VPN
In contrast, a site-to-site VPN uses a gateway device to connect an entire network in one location to a
network in another location. End-node devices in the remote location do not need VPN clients because
the gateway handles the connection.
Most site-to-site VPNs connecting over the internet use IPsec. It is also common for them to use
carrier MPLS clouds rather than the public internet as the transport for site-to-site VPNs. Here, too, it is
possible to have either Layer 3 connectivity (MPLS IP VPN) or Layer 2 (virtual private LAN service)
running across the base transport.
In a mobile VPN, a VPN server still sits at the edge of the company network, enabling secure tunneled
access by authenticated, authorized VPN clients. Mobile VPN tunnels are not tied to physical IP
addresses, however. Instead, each tunnel is bound to a logical IP address. That logical IP address sticks
to the mobile device no matter where it may roam. An effective mobile VPN provides continuous
service to users and can seamlessly switch across access technologies and multiple public and private
Hardware VPNs offer a number of advantages over the software-based VPN. In addition to enhanced
security, hardware VPNs can provide load balancing to handle large client loads. Administration is
managed through a Web browser interface. A hardware VPN is more expensive than a software VPN.
Because of the cost, hardware VPNs are a more realistic option for large businesses than for small
businesses or branch offices. Several vendors, including Irish vendor InvizBox, offer devices that can
function as hardware VPNs.
A VPN appliance, also known as a VPN gateway appliance, is a network device equipped with enhanced
security features. Also known as an SSL (Secure Sockets Layer) VPN appliance, it is in effect
a router that provides protection, authorization, authentication and encryption for VPNs.
Dynamic multipoint virtual private network (DMVPN)
A dynamic multipoint virtual private network (DMVPN) is a secure network that exchanges data
between sites without needing to pass traffic through an organization's headquarter virtual private